With cybersecurity attacks on the rise nationwide, Dutchess County wants community leaders to be better prepared. To this end, the county is hosting its inaugural Hudson Valley Cyber Security Summit Wednesday.
It can cost upwards of $2.3 million to recover from one cybersecurity attack. So notes Dutchess County Executive Marc Molinaro in placing cybersecurity among his top priorities. Glenn Marchi is commissioner of the Dutchess County Office of Central and Information Services, so cybersecurity is at the top of his list, too.
“It’s not a matter of if you will incur a cybersecurity attack or a breach, it’s really a matter of when,” Marchi says. “And it’s going to have an impact on our municipal leaders and our community leaders and agencies because there’s a cost associated with recovering from a cyber attack in the event that that does occur.”
The summit will address what to do before, during and after a cyber attack; cybersecurity insurance and compliance; the importance of an effective cybersecurity plan; and how to respond to a simulated cyber attack.
“One of the panel discussions is an active learning component where we’re going to have an IBM cyber advisor actually walk the audience through a simulated cybersecurity attack so they get a feel for how an attack starts, what happens in the middle and how it closes,” says Marchi.
Marchi thought the summit might attract around 100 attendees, yet some 300 have signed up and the summit is at full capacity.
“Well, the response has been absolutely overwhelming, Allison. The, our initial intent was just to gather the local municipal leaders from our cities, our towns, police, fire, IT department reps, just for, it started out just for one county, our county, Dutchess. Then we added, let’s say, Westchester County because there was some interest when I started to talk and chat with our partners, our neighbors, and then it just grew. Everyone wanted to be a part of it. They said can Ulster County join? Can Sullivan? Can Greene County? Can Rockland County? So, Columbia? So they all wanted to be a part of this,” says Marchi. “Not only, so we reached to the Hudson Valley counties, we’ve got nine counties, but there’s actually a total of 18 counties, representatives from 18 different counties, some coming as far north as Washington County, which is northeast of Albany, coming all the way down and, I think, Monmouth County in New Jersey is actually a part of this as well. So, it’s really sparked a lot of interest.”
He says it’s important to be prepared for ever changing cyberattacks.
“You’ve got to keep up with the tools, the techniques, processes and procedures to provide an effective defense and response to these new cyberattacks that are occurring. So it’s not something you can just say, well, I have a cyber plan, I have a firewall up, I’m good to go. No, that’s not how it works,” Marchi says. “They’re constantly finding, these cyber attackers are constantly finding new ways to penetrate organizations and get to data and do all kinds of destruction, destructive behaviors on data, on citizen data vital, important data. We have a responsibility as municipal leaders to protect our citizen data, and that’s what this Cyber Security Summit is all about.”
The summit, with a number of guest speakers and panels, runs from 9 a.m. to 12 p.m. at Marist College in Poughkeepsie. Meantime, Dutchess County has something new for its employees.
“Speaking of cybersecurity awareness, we have identified a toolset that we’re going to roll out for our county employees,” Marchi says. “And I know it’s Marc Molinaro’s intent to also offer that as an opportunity, it may be an opportunity for shared service for other municipal leaders within Dutchess to leverage that service.
“What do you mean by toolkit?” asks Dunne.
“Cyberseurity awareness is a, there’s a toolkit, providers that, they actually set up a campaign, a cyber campaign where they’ll send you fake emails that, if you click on them, they will respond with, hey, you clicked on a bad email; you just lost the data to the financial department,” says Marchi. “And this is, and what it does, if you clicked on the email, it directs you to training, immediately online training to correct what you did wrong to prepare you for those kinds of attacks, Ransomware attacks and whatnot, so you can respond to them more effectively. So it’s a combination of cybersecurity education that includes these online active learning campaigns.”
He says the toolkit will be rolled out during this first quarter.